I've got JasperServer 2.1.0 working with Glassfish V2 and Apache Derby. I connected JasperServer authentication to my own JDBC authentication realm in Glassfish. I ran into an issue however when the my external users and roles are migrated over to the JasperServer security domain. This occurs when both a new user and a new role are being migrated over from the external security realm. Hibernate was throwing an exception stating that a relationship to an unknown object was found when persisting. I traced this down and found that when a new external role is migrated over to JasperServer, it creates and persists role but later when the new user is persisted, the code goes through and finds the roles and associates the roles with the user. But with a brand new role that was just added, Hibernate does not find the role when executing the query. I fixed this problem by adding getHibernateTemplate().flush() to "putRole" in UserAuthorityServiceImpl.java: Code: /* (non-Javadoc) * @see com.jaspersoft.jasperserver.api.metadata.user.service.UserAuthorityService#putRole(com.jaspersoft.jasperserver.api.common.domain.ExecutionContext, com.jaspersoft.jasperserver.api.metadata.user.domain.Role) */ public void putRole(ExecutionContext context, Role aRole) { RepoRole existingRole = getRepoRole(context, aRole.getRoleName()); log.debug("putRole: " + aRole.getRoleName() + ", " + existingRole); if (existingRole == null) { existingRole = (RepoRole) getPersistentClassFactory().newObject(Role.class); log.debug("New Object"«»); } existingRole.copyFromClient(aRole, this); getHibernateTemplate().saveOrUpdate(existingRole); // XXX getHibernateTemplate().flush(); // XXX Set repoUsers = existingRole.getUsers(); for (Iterator it = repoUsers.iterator(); it.hasNext();«») { RepoUser repoUser = (RepoUser) it.next(); repoUser.getRoles().remove(getPersistentObject(aRole)); } Set users = aRole.getUsers(); for (Iterator it = users.iterator(); it.hasNext();«») { User user = (User) it.next(); addRole(context, user, aRole); } } This causes the newly created Role to be found when the query in getRepoRole is executed. Should this be logged as a bug with a possible fix?